1. Field of the Invention
The present invention relates to a method for transmitting data to and receiving data from a terminal in a communication system and a communication terminal in which the method is performed. More particularly, the present invention relates to a method for transmitting and receiving data of a terminal in a communication system and a communication terminal thereof, which can minimize exposure of authentication information.
2. Description of the Related Art
Data transmission and reception between a server and a terminal or between terminals is performed in a manner where a terminal obtains user authentication by directly transmitting a user ID and a password to a server or an opposite terminal.
FIG. 1 is a flowchart illustrating a conventional method for transmitting and receiving data of a terminal in a communication system. In FIG. 1, for example, terminal A 100 may request data from a server or terminal B 200.
Terminal A 100 requests authentication from the server or terminal B 200 by transmitting a password or authentication information of an authentication certificate (hereinafter, “certificate”) to the server or terminal B 200 (step S10). Terminal B 200 authenticates terminal A 100 using the password or certificate received from terminal A 100 (step S12). In this example, the server or terminal B 200 has already received the pre-stored password or certificate of terminal A 100.
If the password or certificate transmitted from terminal A 100 is identical to the pre-stored password or certificate of terminal A 100, terminal B 200 completes the authentication of terminal A 100. The server or terminal B 200 transmits an authentication acknowledgement response to terminal A 100, in step S16. Once the authentication is completed, terminal A 100 requests specified data from the server or terminal B 200, in step S16, and the server or terminal B 200 transmits the data requested by terminal A 100 as a response, in step S18.
The above-described data transmission and reception is performed in a state where authentication information of the terminal A 100, i.e. an Identification (ID) of the terminal A 100, and a password or certificate corresponding to the ID, have already been stored in the server or terminal B 200. Also, terminal A 100, in the process of transmitting and receiving data with the server or terminal B 200, must continually transmit the password or certificate. Once the authentication of terminal A 100 is completed, terminal B 200, as a response, transmits data desired by terminal A 100.
According to the above-described method for transmitting and receiving data, since terminal A 100 must transmit the password or certificate whenever terminal A 100 requests the data from the server or terminal B 200, the data transmission and reception procedure is cumbersome. Also, it is difficult to prevent a user from illegally intercepting the communication line and seizing the password or certificate of terminal A 100, and thus the corresponding man-in-the-middle attacks or replay attacks cannot be prevented.
Accordingly, there is a need for a method for transmitting and receiving data which can prevent man-in-the-middle attacks or replay attacks and safely perform data transmission and reception by minimizing exposure of authentication information, such as a password, while data is transmitted and received between a terminal and a server or between terminals.
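The following is an added illustration and is not part of the original disclosure. It models the conventional flow of FIG. 1, in which the password itself travels on the line and is therefore accepted again when resent unchanged, beside a generic nonce-based challenge-response exchange shown only for contrast; the contrast is not the method of the present invention. The identifiers `conventional_request`, `ChallengeResponseServer` and `terminal_proof`, and the sample credential, are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the credential the server or terminal B already stores for terminal A.
STORED = {"terminal-A": b"correct horse battery"}

def conventional_request(wire_msg):
    """Steps S12-S18 of FIG. 1: B compares the transmitted password with its stored copy."""
    term_id, password, resource = wire_msg
    stored = STORED.get(term_id)
    if stored is None or not hmac.compare_digest(stored, password):
        return None
    return f"data:{resource}"

class ChallengeResponseServer:
    """Hypothetical contrast (not the patent's method): single-use nonce plus HMAC."""
    def __init__(self):
        self.pending = {}  # terminal id -> outstanding nonce

    def challenge(self, term_id):
        nonce = secrets.token_bytes(16)
        self.pending[term_id] = nonce
        return nonce

    def request(self, term_id, proof, resource):
        nonce = self.pending.pop(term_id, None)  # each nonce is consumed once
        key = STORED.get(term_id)
        if nonce is None or key is None:
            return None
        expected = hmac.new(key, nonce + resource.encode(), hashlib.sha256).digest()
        return f"data:{resource}" if hmac.compare_digest(expected, proof) else None

def terminal_proof(password, nonce, resource):
    """Terminal A proves knowledge of the password without transmitting it."""
    return hmac.new(password, nonce + resource.encode(), hashlib.sha256).digest()

def demo():
    # Conventional flow: the message seen on the line is accepted again verbatim.
    wire = ("terminal-A", b"correct horse battery", "report")
    first, replayed = conventional_request(wire), conventional_request(wire)
    # Contrast flow: the recorded proof is bound to a nonce that is already spent.
    srv = ChallengeResponseServer()
    nonce = srv.challenge("terminal-A")
    proof = terminal_proof(STORED["terminal-A"], nonce, "report")
    fresh = srv.request("terminal-A", proof, "report")
    srv.challenge("terminal-A")  # a later session is issued a new nonce
    stale = srv.request("terminal-A", proof, "report")
    return first, replayed, fresh, stale
```

In the contrast flow the server or terminal B still holds the stored credential, as in FIG. 1; only what crosses the communication line changes.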